import libwmf-0.2.9-8.el8_0

SOURCES/0001-merge-in-fixes-for-libgd-CVE-2019-6978.patch

@@ -0,0 +1,148 @@
+From f58c813f8afcd08acdd630f378cff1a5009655cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Thu, 31 Jan 2019 16:02:19 +0000
+Subject: [PATCH] merge in fixes for libgd CVE-2019-6978
+
+---
+ README                 |  5 +++++
+ configure.ac           |  2 +-
+ src/extra/gd/gd_jpeg.c | 21 +++++++++++++++++----
+ src/extra/gd/gd_wbmp.c | 24 ++++++++++++++++++++++--
+ 4 files changed, 45 insertions(+), 7 deletions(-)
+
+diff --git a/src/extra/gd/gd_jpeg.c b/src/extra/gd/gd_jpeg.c
+index 7e6dfbb..b270186 100644
+--- a/src/extra/gd/gd_jpeg.c
++++ b/src/extra/gd/gd_jpeg.c
+@@ -72,6 +72,8 @@ fatal_jpeg_error (j_common_ptr cinfo)
+   exit (99);
+ }
+ 
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
++
+ /*
+  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
+  * QUALITY.  If QUALITY is in the range 0-100, increasing values
+@@ -93,8 +95,12 @@ gdImageJpegPtr (gdImagePtr im, int *size, int quality)
+ {
+   void *rv;
+   gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+-  gdImageJpegCtx (im, out, quality);
+-  rv = gdDPExtractData (out, size);
++  if (out == NULL) return NULL;
++  if (!_gdImageJpegCtx(im, out, quality)) {
++    rv = gdDPExtractData(out, size);
++  } else {
++    rv = NULL;
++  }
+   out->free (out);
+   return rv;
+ }
+@@ -103,6 +109,12 @@ static void jpeg_gdIOCtx_dest (j_compress_ptr cinfo, gdIOCtx * outfile);
+ 
+ void
+ gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
++{
++  _gdImageJpegCtx(im, outfile, quality);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ {
+   struct jpeg_compress_struct cinfo;
+   struct jpeg_error_mgr jerr;
+@@ -139,7 +151,7 @@ gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+       /* we're here courtesy of longjmp */
+       if (row)
+ 	gdFree (row);
+-      return;
++      return 1;
+     }
+ 
+   cinfo.err->error_exit = fatal_jpeg_error;
+@@ -173,7 +185,7 @@ gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+       fprintf (stderr, "gd-jpeg: error: unable to allocate JPEG row "
+ 	       "structure: gdCalloc returns NULL\n");
+       jpeg_destroy_compress (&cinfo);
+-      return;
++      return 1;
+     }
+ 
+   rowptr[0] = row;
+@@ -254,6 +266,7 @@ error:
+ #endif
+   jpeg_destroy_compress (&cinfo);
+   gdFree (row);
++  return 0;
+ }
+ 
+ gdImagePtr
+diff --git a/src/extra/gd/gd_wbmp.c b/src/extra/gd/gd_wbmp.c
+index f1258da..4b27043 100644
+--- a/src/extra/gd/gd_wbmp.c
++++ b/src/extra/gd/gd_wbmp.c
+@@ -85,6 +85,7 @@ gd_getin (void *in)
+   return (gdGetC ((gdIOCtx *) in));
+ }
+ 
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
+ 
+ /*      gdImageWBMPCtx
+    **  --------------
+@@ -97,6 +98,12 @@ gd_getin (void *in)
+  */
+ void
+ gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
++{
++  _gdImageWBMPCtx(image, fg, out);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
+ {
+ 
+   int x, y, pos;
+@@ -107,7 +114,7 @@ gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
+   if ((wbmp = createwbmp (gdImageSX (image), gdImageSY (image), WBMP_WHITE)) == NULL)
+     {
+       fprintf (stderr, "Could not create WBMP\n");
+-      return;
++      return 1;
+     }
+ 
+   /* fill up the WBMP structure */
+@@ -126,9 +133,16 @@ gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
+ 
+   /* write the WBMP to a gd file descriptor */
+   if (writewbmp (wbmp, &gd_putout, out))
++  {
+     fprintf (stderr, "Could not save WBMP\n");
++    freewbmp (wbmp);
++    return 1;
++  }
++
+   /* des submitted this bugfix: gdFree the memory. */
+   freewbmp (wbmp);
++
++  return 0;
+ }
+ 
+ 
+@@ -214,8 +228,12 @@ gdImageWBMPPtr (gdImagePtr im, int *size, int fg)
+ {
+   void *rv;
+   gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+-  gdImageWBMPCtx (im, fg, out);
+-  rv = gdDPExtractData (out, size);
++  if (out == NULL) return NULL;
++  if (!_gdImageWBMPCtx(im, fg, out)) {
++    rv = gdDPExtractData(out, size);
++  } else {
++    rv = NULL;
++  }
+   out->free (out);
+   return rv;
+ }
+-- 
+2.20.1
+

SPECS/libwmf.spec

@@ -1,7 +1,7 @@
 Summary: Windows MetaFile Library
 Name: libwmf
 Version: 0.2.9
-Release: 4%{?dist}
+Release: 8%{?dist}
 Group: System Environment/Libraries
 #libwmf is under the LGPLv2+, however...
 #1. The tarball contains an old version of the urw-fonts under GPL+.
@@ -13,6 +13,7 @@ Source: https://github.com/caolanm/libwmf/archive/v%{version}.tar.gz
 URL: https://github.com/caolanm/libwmf
 
 Patch0: covscan.patch
+Patch1: 0001-merge-in-fixes-for-libgd-CVE-2019-6978.patch
 
 Requires: urw-fonts
 Requires: %{name}-lite = %{version}-%{release}
@@ -46,6 +47,7 @@ using libwmf.
 %prep
 %setup -q
 %patch0  -p1 -b .covscan
+%patch1  -p1 -b .CVE-2019-6978
 f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
 
 %build
@@ -101,6 +103,18 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 
 
 %changelog
+* Wed Aug 14 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-8
+- Related: rhbz1717799 fix clang warning
+
+* Wed Aug 14 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-7
+- Related: rhbz1717799 bump n-v-r
+
+* Wed Mar 06 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-6
+- Related: rhbz1679006 bump n-v-r
+
+* Tue Feb 26 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-5
+- Resolves: rhbz1679006 libgd CVE-2019-6978
+
 * Fri Aug 10 2018 Caolán McNamara <caolanm@redhat.com> - 0.2.9-4
 - Related: rhbz#1602602 fix more clang warnings